On Fri, May 15, 2020 at 10:55:50AM -0700, Andi Kleen wrote:
Indeed, we've seen a few hacks that basically just enable FSGSBASE:- https://github.com/oscarlab/graphene-sgx-driver - https://github.com/occlum/enable_rdfsbase And would very much like to get rid of them...These are insecure and open root holes without the patches used here.
It's sad that these hacks are being used alongside SGX on "secure" systems. -- Thanks, Sasha
